1. Field of the Invention
The present invention relates to a certification system and an access control device, more particularly to a certification system and an access control device which prevent data in a storage device from being exposed.
2. Description of the Related Art
Of late, a memory card having a flash memory module has been used as a portable non-volatile memory device suitable for a portable information terminal.
Usually, a PCMCIA bus interconnects the memory card and a computer or the like. The computer accesses the attached memory card to store data therein or read data therefrom.
Not only a user of the memory card but also anybody else can see the data stored in the memory card in a case where, for example, the memory card is attached to other""s computer. Portability risks the memory card to such data exposure.
Data encoding has been known as a method for preventing the data from being exposed, however, it has many disadvantageous matters.
Process for encoding and decoding data is dull, because it requires large number of calculation steps. Fast accessibility of the memory card comes to nothing because of such dull process for the data encoding. Moreover, developers of data encoding software must spend a lot of time in designing the software, because they must prepare the large number of calculation steps.
Delivering the encoded data with the memory card from its user to other person is troublesome, because the encoded data must be decoded by the computer or the like each time. The encoded data is meaningless for one to which the data is delivered, because the data is unreadable unless it is decoded.
The present invention has been made in consideration of the above, and it is an object of the present invention to provide a certification system which accomplishes data protection for a storage device while keeping its easy handling for data delivery with a simple structure.
To achieve the above object, an access control device according to a first aspect of the present invention is an access control device connected to
a storage device which stores and supplies data in response to access, and comprises an erasable/programmable storage area for storing certification data; and
an access device which obtains input data, outputs a command for access the storage device, and obtains read-out data supplied in accordance with the command,
the access control device determines whether the input data obtained by the access device substantially coincides with predetermined certification data, and allows acceptant of the command output by the access device when the input data coincides with the predetermined certification data;
receives the command output from the access device while the acceptance of the command is allowed, accesses the storage device in accordance with the received command when the received command represents a predetermined access command in order to obtain the read-out data, and supplies the obtained read-out data to the access device; and
obtains newly prepared certification data from the access device when the command supplied from the access device represents a predetermined configuration setting command, and stores the obtained certification data to the storage area in the storage device.
Such the storage device connected to the access control device is accessed by the access control device when correct certification data is supplied to the access control device from the access device. Thus, the data stored in the storage device is protected from revelation.
Moreover, software developers can design software for generating and supplying the certification data easier than encoding/decoding software, because of simple structure. Such simplicity helps fast accessibility of the storage device such as the memory.
The access action includes not only data reading from the storage device but also data writing to the storage device.
Therefore, the access device may output to-be-written data to be stored in the storage device.
In this case, the access control device may determine whether the input data obtained by the access device substantially coincides with the certification data, and allows acceptance of the to-be-written data when it is determined that the input data coincides with the certification data; and
receives the to-be-written data while the acceptance of the to-be-written data is allowed, writes the to-be-written data in the storage area in the storage device in accordance with the received command when the received command represents the access command which indicates writing of the to-be-written data.
The certification data may comprise an enable command and a password. In this case, the access control device determines whether the input data obtained by the access device substantially includes the enable command and the password while the acceptance of the command output by the access device is refused, and allows the acceptance of the command when it is determined that the input data includes the enable command and the password.
In the case where the certification data may comprise an enable command and a password, the access control device may determine whether the input data obtained by the access device substantially includes the enable command and the password while the acceptance of the command output from the access device is allowed, and refuses the acceptance of the command when it is determined that the input data do not include the enable command and the password.
This structure allows a user to lock the data stored in the storage device so as not to be read by other person even if the storage device is in action. This data protection is effective when, for example, the user leaves the storage device temporarily.
The enable command and the password may be paired while being associated with each other.
In this case, the access control device may determine whether the input data obtained by the access device substantially include a pair of the enable command and the password while the acceptance of the command output by the access device is refused, and allows the acceptance of the command when it is determined that the input data include the pair of the enable command and the password; and
may determine whether the input data obtained by the access device substantially include the enable command and the password which is paired with the enable command while the acceptance of the command is allowed, and refuse the acceptance of the command when it is determined that the input data include the enable command but do not include the password which is paired with the enable command.
In this case, a plurality of the enable commands and passwords may be registered.
The access control device may allow the acceptance of the command when the password includes predetermined data whether the input data obtained by said access device includes the enable command and the password or not.
This structure allows a user to read the data stored in the storage device without certification. Thus, the data do not require decoding for delivering the data to other person.
The access control device may determine whether the input data obtained by said access device substantially includes a predetermined command for data salvation, and allows the acceptance of the command output by said access device when the input data includes the predetermined command.
This structure allows a user to have the data stored in the storage device salvaged, even if the user forgets the certification data. The command for the data salvation should be held by limited persons such as ones relating to the manufacturer, thus, the level of the data protection is kept high.
A certification system according to a second aspect of the present invention comprises:
a storage device, an access device and a controller,
wherein the storage device comprises an erasable/programmable storage area for storing and supplying certification data in response to access,
the access device obtains input data, outputs a command for accessing the storage device, and obtains read-out data supplied from the storage device in accordance with the command, and
the controller determines whether the input data obtained by the access device substantially coincide with predetermined certification data, and allows acceptance of the command output by the access device when it is determined that the input data coincide with the certification data;
receives the command output by said access device while the acceptance of the command is allowed, and access the storage device in accordance with the received command if the received command represents a predetermined access command in order to obtain the read-out data, and supplies the obtained read-out data to the access device; and
obtains newly prepared certification data from the access device if the command supplied from the access device represents a predetermined configuration setting command, and stores the obtained certification data to the storage area in said storage device.
According to the certification system, the storage area in the storage device is accessed when correct certification data is supplied from the access device. Thus, the data stored in the storage device is protected from reveal.
Moreover, software developers can design software for generating and supplying the certification data easier than encoding/decoding software, because of simple structure. Such simplicity helps fast accessibility of the storage device.
The controller may be detachably connected to the access device.
In this case, the controller may supply identification data for identifying the controller to the access device, and
the access device may determine whether the received identification data represent the controller, and outputs the command when it is determined that the received identification data represent the controller.
This structure helps prevent the system from supplying the command to unsuitable controller, because the access to the storage device is allowed after the controller is discriminated.
The access device may determine whether the controller is attached to the access device, and instructs the controller to supply the identification data to the access device when it is determined that the controller is attached to the access device, and
the controller may supply the identification data to the access device when the controller is instructed by the access device.
This structure helps prevent the system from trying to supply the identification data to an unattached access device, because the access to the storage device is allowed after the access device is attached to the controller.
The certification data may comprise an enable command and a password.
In this case, the controller may determine whether the input data obtained by the access device substantially include the enable command and the password while the acceptance of the command output by the access device is refused, and may allow the acceptance of the command when it is determined that the input data include the enable command and the password.
The controller may determine whether the input data obtained by the access device substantially include the enable command and the password while the acceptance of the command output by the access device is allowed, and may refuse the acceptance of the command when it is determined that the input data include the enable command but do not include the password.
This structure allows a user to lock the data stored in the storage device so as not to be read by other person even if the storage device being in action. This data protection is effective when, for example, the user leaves the storage device temporarily.
An access control method according to a third aspect of the present invention is a method for controlling access to a storage device comprising an erasable/programmable storage area for storing and supplying certification data in response to the access, comprises the steps of:
obtaining input data, outputting a command for accessing the storage device, determining whether the input data obtained by an access device, which obtains read-out data supplied in accordance with the command, substantially coincide with predetermined certification data, and allowing acceptance of the command output by the access device when it is determined that the input data coincides with the predetermined certification data;
receiving the command output by the access device while the acceptance of the command is allowed, accessing the storage device in accordance with the received command when the received command represents a predetermined access command to obtain the read-out data, and supplying the obtained read-out data to the access device; and
obtaining newly prepared certification data from the access device when the command supplied from the access device represents a predetermined configuration setting command, and storing the obtained certification data to the storage area in the storage device.
According to such the access control method, the storage area in the storage device is accessed when correct certification data is supplied from the access device. Thus, the data stored in the storage device is protected from reveal.
Moreover, software developers can design software for generating and supplying the certification data easier than encoding/decoding software, because of simple structure. Such simplicity helps fast accessibility of the storage device.
A computer readable recording medium storing a program according to the fourth aspect of the present invention, causes a computer to act as:
a storage device having an erasable/programmable storage area for storing and supplying certification data in response to access;
an access device for obtaining input data, outputting a command for accessing the storage device in order to obtain read-out data output in accordance with the command; and
a controller for determining whether the input data obtained by the access device substantially coincide with predetermined certification data; allowing acceptance of the command output by the access device when it is determined that the input data coincide with the predetermined certification data; receiving the command output by the access device while the acceptance of the command is allowed, accessing the storage device in accordance with the received command when the received command represents a predetermined access command in order to obtain the read-out data; supplying the obtained read-out data to the access device; obtaining newly prepared certification data from said access device when the command supplied from the access device represents a predetermined configuration setting command; and storing the obtained certification data to the storage area in the storage device.
According to the computer which executes the program stored in such the recording medium, the storage area in the storage device is accessed when correct certification data is supplied from the access device. Thus, the data stored in the storage device is protected from reveal.
Moreover, software developers can design software for generating and supplying the certification data easier than encoding/decoding software, because of simple structure. Such simplicity helps fast accessibility of the storage device.
A computer readable data signal representing program code embodied in a carrier wave according to the fifth aspect of the present invention, causes a computer to act as:
a storage device having an erasable/programmable storage area for storing and supplying certification data in response to access;
an access device for obtaining input data, outputting a command for accessing the storage device in order to obtain read-out data output in accordance with the command; and
a controller for determining whether the input data obtained by the access device substantially coincide with predetermined certification data; allowing acceptance of the command output by the access device when it is determined that the input data coincide with the predetermined certification data; receiving the command output by the access device while the acceptance of the command is allowed, accessing the storage device in accordance with the received command when the received command represents a predetermined access command in order to obtain the read-out data; supplying the obtained read-out data to the access device; obtaining newly prepared certification data from said access device when the command supplied from said access device represents a predetermined configuration setting command; and storing the obtained certification data to the storage area in said storage device.
According to the computer which executes the program represented by such the data signal, the storage area in the storage device is accessed when correct certification data is supplied from the access device. Thus, the data stored in the storage device is protected from reveal.
Moreover, software developers can design software for generating and supplying the certification data easier than encoding/decoding software, because of simple structure. Such simplicity helps fast accessibility of the storage device.